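<?php
include("../../tools/session.php");

// Returns one document (title and content) as XML to a signed-in user.
// $is_login_success is not defined in this file; presumably session.php sets it - confirm.
if ($is_login_success === true)
{
   // doc_id comes from the query string and is concatenated into SQL below,
   // so only a plain decimal string is accepted and it is cast to int before use.
   $doc_id = isset($_GET["doc_id"]) ? $_GET["doc_id"] : "";
   if (empty($doc_id)) { echo "Error: 参数不足！"; exit(); }
   if (!is_string($doc_id) || !preg_match('/\A[0-9]+\z/', $doc_id)) { echo "Error: 非法访问！"; exit(); }
   $doc_id = (int) $doc_id;

   // The session user id is also placed into SQL unquoted; force it to an integer.
   $user_id = (int) $_SESSION["user"]["id"];

   include("../../tools/mysql.php");
   db_connect();

   // Access check: refuse unless this document was sent to the current user or
   // was created by the current user.
   // Previous single-table check, kept for reference:
   // $sql = "SELECT * FROM doc_exam WHERE doc_id=" . $doc_id . " AND handout_id=" . $_SESSION["user"]["id"];
   //
   // The doc_id condition must apply to both branches of the OR. Without the
   // parentheses, AND binds tighter than OR, so "OR a.from_id=<user>" matched
   // any document the user had created and the check passed for every doc_id.
   // LEFT JOIN keeps the author branch working when doc_exam has no row for
   // the document.
   // NOTE(review): db_query_exists() is defined in mysql.php; presumably it
   // returns true when the query yields at least one row - confirm.
   $sql = "SELECT DISTINCT a.doc_id FROM document a
		   LEFT JOIN doc_exam b ON a.doc_id=b.doc_id
		   WHERE a.doc_id=" . $doc_id . "
		   AND (b.handout_id=" . $user_id . "
		   OR a.from_id=" . $user_id . ")";
   if (!db_query_exists($sql)) { echo "Error: 非法访问！"; exit(); }

   header("content-type: text/xml");
   echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n";
   echo "<document>\n";

   $sql = "SELECT * FROM document WHERE doc_id=" . $doc_id;
   $re = db_query_once($sql);

   // Stored text may contain "]]>", which would close the CDATA section early
   // and let the rest of the value be parsed as markup. Splitting the sequence
   // across two CDATA sections keeps the whole value as character data.
   $cdata_end = "]]>";
   $cdata_split = "]]]]><![CDATA[>";
   $doc_title = str_replace($cdata_end, $cdata_split, $re["title"]);
   // Stored content carries backslash-escaped double quotes; undo that first.
   $doc_content = str_replace($cdata_end, $cdata_split, str_replace('\\"', '"', $re["content"]));

   echo "<title><![CDATA[" . $doc_title . "]]></title>\n";
   echo "<content><![CDATA[" . $doc_content . "]]></content>\n";
   /*
   Disabled template-based rendering of the same document.
   NOTE(review): the queries below concatenate $re["from_id"] and $re["tpl_id"]
   into SQL; cast them to int if this path is ever re-enabled.

   $sql = "SELECT * FROM document WHERE doc_id=" . $doc_id;
   $re = db_query_once($sql);
   
   $sql2 = "SELECT username FROM user WHERE id=" . $re["from_id"];
   $re2 = db_query_once($sql2);
   
   $sql3 = "SELECT a.*, b.zh_name class_name FROM doc_tpl a LEFT JOIN doc_tpl_class b ON a.tpl_class_id=b.tpl_class_id WHERE a.tpl_id=" . $re["tpl_id"];
   $re3 = db_query_once($sql3);
   
   $doc_title = $re["title"];             // document title
   $doc_content = str_replace('\\"', '"', $re["content"]);         // document body
   $doc_time = explode(" ", $re["apply_time"]);
   $doc_time = $doc_time[0];              // submission date
   $doc_accessory = $re["accessory"];
   $doc_tpl_class = $re3["class_name"];
   $doc_tpl = $re3["name"];
   $doc_from = $re2["username"];
   $doc_instancy = ($re["instancy"] == 1) ? "一般" : (($re["instancy"] == 2) ? "紧急" : "加急");
   $doc_ismulti = $re["is_multi"];
	 
   include("tpl-inc-wp.php");   

   $tpl->assign("session_id", $_SESSION["user"]["id"]);
   $tpl->assign("doc_id", $doc_id);
   $tpl->assign("doc_title", $doc_title);
   $tpl->assign("doc_content", $doc_content);
   $tpl->assign("doc_time", $doc_time);
   $tpl->assign("doc_accessory", $doc_accessory);
   $tpl->assign("doc_tpl_class", $doc_tpl_class);
   $tpl->assign("doc_tpl", $doc_tpl);
   $tpl->assign("doc_from", $doc_from);
   $tpl->assign("doc_instancy", $doc_instancy);
   $tpl->assign("doc_ismulti", $doc_ismulti);
   $tpl->display($oa_tpl_path . "/default/view_doc_preview.html");
   */
   echo "</document>\n";
}
// Login failed or the user has not logged in yet: send them to the index page.
else
{
   session_hop_page("../index.php");
   exit();
}

?>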
